Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3456

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-3456
Last Modified 07 Mar 2011 10:10:51
Published 04 Aug 2008 03:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3456

Summary

phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

Vulnerable Systems

Application

  • Phpmyadmin 2.0

  • Phpmyadmin 2.0.0

  • Phpmyadmin 2.0.1

  • Phpmyadmin 2.0.2

  • Phpmyadmin 2.0.3

  • Phpmyadmin 2.0.4

  • Phpmyadmin 2.0.5

  • Phpmyadmin 2.1

  • Phpmyadmin 2.1.0

  • Phpmyadmin 2.1.1

  • Phpmyadmin 2.1.2

  • Phpmyadmin 2.10.0

  • Phpmyadmin 2.10.0.0

  • Phpmyadmin 2.10.0.1

  • Phpmyadmin 2.10.0.2

  • Phpmyadmin 2.10.01

  • Phpmyadmin 2.10.1

  • Phpmyadmin 2.10.1.0

  • Phpmyadmin 2.10.2

  • Phpmyadmin 2.10.2.0

  • Phpmyadmin 2.10.3

  • Phpmyadmin 2.10.3.0

  • Phpmyadmin 2.11.0

  • Phpmyadmin 2.11.0.0

  • Phpmyadmin 2.11.1

  • Phpmyadmin 2.11.1.0

  • Phpmyadmin 2.11.1.1

  • Phpmyadmin 2.11.1.2

  • Phpmyadmin 2.11.2

  • Phpmyadmin 2.11.2.0

  • Phpmyadmin 2.11.2.1

  • Phpmyadmin 2.11.2.2

  • Phpmyadmin 2.11.3

  • Phpmyadmin 2.11.3.0

  • Phpmyadmin 2.11.4

  • Phpmyadmin 2.11.4.0

  • Phpmyadmin 2.11.5

  • Phpmyadmin 2.11.5.0

  • Phpmyadmin 2.11.5.1

  • Phpmyadmin 2.11.5.2

  • Phpmyadmin 2.11.6

  • Phpmyadmin 2.11.7.0


References

FEDORA - FEDORA-2008-6868

FEDORA - FEDORA-2008-6810

MISC - http://yehg.net/lab/pr0js/advisories/Cross-Site_Framing_inphpMyAdmin2.11.7.pdf

XF - phpmyadmin-multiple-weak-security(44050)

VUPEN - ADV-2008-2226

BID - 30420

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6

MANDRIVA - MDVSA-2008:202

DEBIAN - DSA-1641

SECUNIA - 32834

SECUNIA - 31312

SECUNIA - 31263

SUSE - SUSE-SR:2008:026


Last Updated: 27 May 2016 10:48:12